Two-step hierarchical scheme for detecting detoured attacks to the web server
Author(s) - Byungha Choi, Kyungsan Cho
Publication year - 2013
Publication title - Computer Science and Information Systems
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.244
H-Index - 24
eISSN - 2406-1018
pISSN - 1820-0214
DOI - 10.2298/csis120908026c
Subject(s) - computer science, malware, spoofing attack, scheme (mathematics), dissemination, payload (computing), network packet, computer security, web server, computer network, the internet, world wide web, mathematical analysis, telecommunications, mathematics
In this paper, we propose an improved detection scheme to protect a Web server from detoured attacks, which disclose confidential/private information or disseminate malware code through outbound traffic. Our scheme has a two-step hierarchy whose detection methods are complementary to each other. The first step is a signature-based detector that uses Snort and detects the marks of malware dissemination, XSS, URL spoofing and information leakage from the Web server. The second step is an anomaly-based detector that detects attacks by using the probability evaluation in HMM, driven by both payload and traffic characteristics of outbound packets. Through verification analysis in an attacked Web server environment, we show that our proposed scheme improves the False Positive rate and detection efficiency for detecting detoured attacks to a Web server.